
17 Comments

  1. 5

    David

    Also ran into the broken support for crypted disks when trying to install Gnome Ubuntu 14.04 next to Windows. Having to type my high entropy disk crypto passwords multiple times is not an acceptable option to me.

    So I used the steps below to get all my partitions into a single crypto container.

    ---

    Follow the guide up to the point where you created 1 encrypted volume.
    Then push the back button to leave the partitioning tool.
    Go to the shell ([ctrl]+[alt]+F1) and execute the following commands

    Create LVM volume groups:
    # sudo -s
    # vgcreate gnome /dev/disk/by-id/dm-name-sda5_crypt
    # lvcreate -L 2G -n swap gnome
    # lvcreate -L 20G -n root gnome
    (next command assigns remaining space to home partition)
    # lvcreate -l 100%FREE -n home gnome
    # lvs

    Switch back to the installer ([ctrl]+[alt]+F7),
    select “something else” again and “continue”.
    Once the tool is done rescanning you should now see the new devices (if not, go back and forth again).

    Reconfigure the /boot partition as done earlier.
    Continue with the guide/installation, up to the point it asks for a reboot.

    DON’T reboot yet.

    Switch back to the console.

    Create crypttab:
    # blkid /dev/sda5
    # echo 'sda5_crypt UUID=(uuid from prev cmd without quotes) none luks' > /target/etc/crypttab

    Regenerate initramfs and grub config
    # mount -t proc proc /target/proc/
    # mount --rbind /sys sys/
    # mount --rbind /dev /target/dev/
    # chroot /target
    # update-initramfs -u
    # update-grub2
    # exit

    Now reboot, and you should be able to boot into your newly installed Ubuntu.
    (note: if booting hangs with a black screen, press [esc])

    Reply
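A pre-reboot check for the crypttab step in the comment above, as an added example that is not part of David's comment. The function names and return codes are hypothetical; it verifies that the mapping name and bare UUID in `/target/etc/crypttab` match what `blkid` reports, since a quoted or mistyped UUID leaves the initramfs unable to find the container.

```bash
#!/bin/bash
# Added example (not from the original comment). Function names and
# return codes are assumptions made for this illustration.

# Extract the bare UUID from one line of `blkid` output,
# e.g. /dev/sda5: UUID="..." TYPE="crypto_LUKS"
uuid_from_blkid() {
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]UUID="\([^"]*\)".*/\1/p'
}

# check_crypttab FILE NAME UUID
# Returns: 0 entry is consistent, 1 no entry for NAME,
#          2 source field malformed (not UUID=<bare uuid>),
#          3 UUID differs from the expected one, 4 "luks" option missing.
check_crypttab() {
    local file="$1" name="$2" uuid="$3" n src key opts found=1
    # "|| [ -n "$n" ]" also handles a last line without a trailing newline.
    while read -r n src key opts _ || [ -n "$n" ]; do
        case $n in ''|'#'*) continue ;; esac   # skip blank lines and comments
        [ "$n" = "$name" ] || continue
        found=0
        case $src in
            UUID=*) ;;
            *) return 2 ;;
        esac
        # Quotes (straight or typographic) around the UUID break the lookup.
        case ${src#UUID=} in
            *[!0-9a-fA-F-]*) return 2 ;;
        esac
        [ "${src#UUID=}" = "$uuid" ] || return 3
        case ",$opts," in
            *,luks,*) ;;
            *) return 4 ;;
        esac
    done < "$file"
    return $found
}

# Usage from the installer console, with the device and mapping name
# used in the comment above:
#   check_crypttab /target/etc/crypttab sda5_crypt \
#       "$(uuid_from_blkid "$(blkid /dev/sda5)")"; echo "rc=$?"
```

A non-zero result before the reboot means the crypttab line should be rewritten and `update-initramfs -u` run again inside the chroot.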
    1. 5.1

      Nuxio

      Hey

      When I type: vgcreate gnome /dev/disk/by-id/dm-name-sda5_crypt I get an error.
      The error is: please enter a physical volume path.
      I need to encrypt my whole computer (dualboot win+ubuntu) and don't want to type in my encryption password for ubuntu 2 or 3 times…
      I use ubuntu mate 14.10
      I hope it's possible with ubuntu mate.
      I can't find an article about it.
      Thanks!

      Reply
      1. 5.1.1

        david

        Have you verified that sda5_crypt is the device name of your unlocked crypto container?
        # dmsetup table
        sda5_crypt: 0 512989948 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0 8:5 4096

        The steps above are written for my setup. Other setups (e.g. distro/distro version/partition setup) might use other names and numbers. I’m sure that with the man pages and some googling you will figure out how to get this working for your setup.

        Reply
        1. 5.1.1.1

          Nuxio

          Thanks!

          Now it's working. But now I have another problem…
          The command: mount --rbind /sys sys/ gets an error.
          The error is: mount: mount point sys/ does not exist.
          I hope you can help me with this problem too.
          Sorry for the questions. :)

          Reply
          1. 5.1.1.1.1

            david

            Oops, forgot something there. Should be:
            # mount --rbind /sys /target/sys/

          2. 5.1.1.1.2

            Nuxio

            Sorry but still: mount point does not exist…

          3. finid

            The solution might be something as simple as creating the directory yourself. If /target exists, try creating /sys under it with:

            mkdir /target/sys

            Then retry the original mount command. Just a guess, but nothing breaks if it doesn’t work.

          4. 5.1.1.1.3

            Nuxio12

            Hey,

            after a new try everything works just fine.
            Thanks for the post and your help.

  2. 4

    gosia

    Thank you for this post!
    Just to make the boot faster, is there a way to type the encryption password just once? (even for the price of having the same password for all separate partitions)
    Thanks!

    Reply
    1. 4.1

      finid

      Support for good LVM and disk encryption setup in the current installer is not that good, so, no, that’s not possible at this time.

      Note that in this situation, having the same password for all partitions is ok.

      Reply
  3. 3

    Phix

    These steps no longer work under 14.04. I’ll list some details below. Can you provide any guidance on how to do a similar setup with 14.04?

    Details:
    I’ve been building similar test systems under 13.10 for months now, and they have all booted successfully. However, with 14.04 I’ve found that none of the systems will boot. I’ve built the systems the exact way I have before (identical to these instructions). When booting, I never get as far as being prompted for a pass-phrase. I get the initramfs prompt after the boot sequence times out. One thing I’ve noticed is that dm_crypt is missing under the module list that I pull from initramfs.

    Reply
    1. 3.1

      finid

      That’s strange. Didn’t know something changed in the installer. Will revisit this asap.

      Reply
    2. 3.2

      finid

      I just installed 2 systems using the same instructions, minus the /home partition. Both booted successfully. One is in a virtual environment (250 GB storage) and the other is on real hardware (320 HDD). Will publish a tutorial using screenshots from one of them in a few hours.

      Reply
  4. 2

    c14

    Thanks for this – surely someone cleverer than I could describe how to use initramfs (or similar) so that the passphrase only has to be entered once?

    Reply
    1. 1.1

      finid

      But Swap also has to be encrypted. Otherwise you are not really getting full disk encryption.

      I don’t even consider that a bug. That’s the installer just telling you to encrypt the Swap partition.

      Reply
